What is CVE-2023-2135?

CVE-2023-2135 is a vulnerability categorized as 'Use after free in DevTools' in Google Chrome prior to version 112.0.5615.137.

What is the severity of CVE-2023-2135?

CVE-2023-2135 has a severity rating of High (7.5).

Which software is affected by CVE-2023-2135?

The affected software includes Google Chrome (version up to 112.0.5615.137), Microsoft Edge (Chromium-based), Microsoft Edge (version up to 112.0.1722.58), Debian Debian Linux (version 11.0), and Fedoraproject Fedora (versions 36, 37, and 38).

How can I fix CVE-2023-2135?

To fix CVE-2023-2135, it is recommended to update Google Chrome to version 112.0.5615.137 or later.

Where can I find more information about CVE-2023-2135?

You can find more information about CVE-2023-2135 on the Microsoft Security Response Center (MSRC) website, the Google Chrome Releases blog, and the Chromium bug tracker.

Vulnerability/
CVE-2023-2135

high

7.5

CWE

416

14/3/2023

19/4/2023

3/10/2024

CVE-2023-2135: Use after free in DevTools

First published: Tue Mar 14 2023(Updated: )

<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>

Credit: Cassidy Kim @cassidy6564 chrome-cve-admin@google.com chrome-cve-admin@google.com

Affected Software	Affected Version	How to fix
Microsoft Edge (Chromium-based)		fix available externally
Microsoft Edge	<112.0.1722.58
Google Chrome	<112.0.5615.137
Debian Debian Linux	=11.0
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
Fedoraproject Fedora	=38
debian/chromium	<=90.0.4430.212-1~deb10u1	116.0.5845.180-1~deb11u1 119.0.6045.123-1~deb11u1 116.0.5845.180-1~deb12u1 119.0.6045.123-1~deb12u1 119.0.6045.105-1 119.0.6045.123-1
Google Chrome	<112.0.5615.137	112.0.5615.137

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

2950018165594373010

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-2135?
CVE-2023-2135 is a vulnerability categorized as 'Use after free in DevTools' in Google Chrome prior to version 112.0.5615.137.
What is the severity of CVE-2023-2135?
CVE-2023-2135 has a severity rating of High (7.5).
Which software is affected by CVE-2023-2135?
The affected software includes Google Chrome (version up to 112.0.5615.137), Microsoft Edge (Chromium-based), Microsoft Edge (version up to 112.0.1722.58), Debian Debian Linux (version 11.0), and Fedoraproject Fedora (versions 36, 37, and 38).
How can I fix CVE-2023-2135?
To fix CVE-2023-2135, it is recommended to update Google Chrome to version 112.0.5615.137 or later.
Where can I find more information about CVE-2023-2135?
You can find more information about CVE-2023-2135 on the Microsoft Security Response Center (MSRC) website, the Google Chrome Releases blog, and the Chromium bug tracker.

collector/msrc-cve
collector/msrc
collector/security-tracker-debian
agent/type
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/title
agent/author
agent/severity
agent/references
collector/chrome-releases
agent/software-canonical-lookup
agent/description
agent/weakness
agent/tags
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft edge
package-manager/debian
vendor/google
canonical/google chrome
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
version/fedoraproject fedora/37
version/fedoraproject fedora/38
canonical/microsoft edge (chromium-based)